Twitter has different crossdomain.xml policy files for the root domain and the ‘search’ subdomain. This is great news for Flash developers wanting to use their data.
If you’re getting Sandbox Security errors but your crossdomain.xml file is set up correctly then you might need to alter the header values in your server response. This really is a weird bug and could have taken a long time to get to the bottom of.
Something else to note is that Fiddler2 interfered with the crossdomain.xml loading and caused this error to recur.